Skip Navigation
Storing end-user passwords in a "cookie"
Answer ID 369   |   Last Review Date 11/25/2019

Can I change how long the end-user login password is stored in a "cookie" when logging in to the end-user pages?




Cookies are not stored within the Oracle B2C Service product, they are stored on the local workstation in the default location as defined by your browser.  However, you can tell the system to expire those cookies.

The MYSEC_LOGIN_COOKIE_EXP specifies the time (in minutes) before the end-user login cookie will expire. The value 0 means the cookie never expires. The value -1 means that no cookie will be set on the end-user's computer. If not 0 or -1, then the minimum value is 10 minutes; any value lower than 10 will be rounded to 10. Default is 1440.

A non-negative setting prefixed with a '+' indicates that cookies are required: end-users without cookies enabled on their browsers will not be able to log in.

Note: This setting is only used for Outreach documents.

Path to setting(s): Select Configuration from the navigation area > Site Configuration > Configuration Settings > and search by Key.

For more information on accessing the Configuration Editor and editing settings, refer to Answer ID 1960: Editing Configuration Settings.